CSV API

The CSV API enables users to interrogate the datastore using a script or program, and receive data back as a stream of CSV (comma separated values) text, an empty string, or a return code. 

Additional permissions required on XML and CSV APIs

The permission required to access the CSV and XML API has changed. You need to grant the new API access permission (api-access group), or update group permissions to include the api/access permission for users who require access to the CSV and XML web APIs. Existing integrations will fail if you do not add the permission.


BMC recommends use of the REST API for new integrations as it provides more control when retrieving data, and provides a range of additional features across its endpoints.

Usage

The CSV API is intended to be used by a script or program. It can also be accessed using a browser, or using the wget command, though these would generally be used for testing. When using a URL you should ensure that the entire URL is properly encoded. For example, special characters in the password might require encoding. The following section describes the parameters required and values returned when using the CSV API. The query is specified as a URL of the form:

https://appliance/ui/api/CsvApi?query=search_string&username=username&password=password

If you are using an appliance with https redirection enabled, you must use an https URL in your scripts. The redirection script changes the http request and the script will not work. To enable or disable https redirection, see Configuring HTTPS settings. The URL is entered on a single line. In these examples, appliance is the resolvable hostname or IP address of the appliance, search_string is a query string as recognized by the datastore, username and password are the user name and password of the BMC Discovery user.

Security Considerations

During a typical HTTP request to the CSV API, the username and password is visible in plain text and can be recovered in order to gain unauthorized access to the BMC Discovery user interface.

  1. BMC recommend that you always use https access so that the username and password are not in plain text.
  2. You should always use a dedicated, read-only account for queries, and never use a high level account such as 'system'.

HTML URL Encoding

When constructing a URL string, care must be taken to properly encode characters that are not allowed in a URL, for example spaces:
https://appliance/ui/api/CsvApi?query=Search%20Host%20show%20name&username=username&password=password
A reference of encodings can be found here

Was this page helpful? Yes No Submitting... Thank you

Comments